Video conferencing mistakes make espionage easy, say researchers

Tens of thousands of video conferencing setups, including some in corporate meeting rooms where the most confidential information is discussed, are vulnerable to spying attacks, researchers said.

Some in the video conference industry have taken exception to Moore's conclusions that spying is easy.

David Maldow, an analyst with Telepresence Options, an arm of the Human Productivity Labs consultancy, which specializes in video conferencing, countered in a blog post Tuesday, arguing that Moore was simply "random dialing and peek[ing] around some empty rooms."

Moore answered with his own post , saying that many of Maldow's comments were contrary to the facts on the ground.

Stopping such attacks is not difficult, but does require some technical know-how, which Moore and Tuchen concluded from the evidence was not always available or aimed at video conferencing.

"Video conferencing companies could solve these problems if they provided a more severe warning when auto-answer is turned on," said Tuchen. "And they could provide more technical assistance to customers in setting up H.323 gateways."

"What stuck out for me was how bad the situation was," said Moore. "The popularity of video conferencing systems among the venture capital and finance industries leads to a small pool of incredibly high-value targets for any attacker intent on industrial espionage or obtaining an unfair business advantage."